Standardize policy labels

approval/task-and-run-approvals.yml

@@ -9,4 +9,4 @@ description: |
 
 labels:
 - approval
-- decision making
+- decision-making

notification/drift-detection-with-changes.yml

@@ -5,6 +5,6 @@ description: |
   This policy is used send a notification to Slack when drift is detected in the infrastructure.
 labels:
   - notification
-  - drift detection
+  - drift-detection
   - changes
   - slack

plan/check-blast-radius.yml

@@ -7,5 +7,5 @@ description: |
 
 labels:
 - plan
-- blast radius
-- best practices
+- blast-radius
+- best-practices

plan/checkov-failed-checks.yml

@@ -6,7 +6,7 @@ description: |
   It provides visibility into potential issues without blocking the deployment process.
 
 labels:
-- code quality
+- code-quality
 - checkov
-- warning policy
+- warning-policy
 - plan

plan/do-not-delete-stateful-resources.yml

@@ -6,6 +6,6 @@ description: |
   By preventing the deletion of specified resource types during the plan phase, the policy helps maintain the integrity and availability of stateful resources in the infrastructure.
 
 labels:
-- stateful resources
-- deletion prevention
+- stateful-resources
+- deletion-prevention
 - plan

plan/dont-allow-resource-type.yml

@@ -10,6 +10,6 @@ labels:
 - security
 - aws
 - iam
-- access key
-- static credentials
+- access-key
+- static-credentials
 - plan

plan/enforce-cloud-provider.yml

@@ -5,6 +5,6 @@ description: |
   This policy ensures adherence to the organization's cloud provider strategy by enforcing the exclusive use of a specific cloud provider for deployments.
 
 labels:
-- cloud provider
+- cloud-provider
 - aws
 - plan

plan/enforce-instance-type-list.yml

@@ -8,6 +8,6 @@ description: |
 
 labels:
 - aws
-- instance type
-- cost management
+- instance-type
+- cost-management
 - plan

plan/enforce-module-use-policy.yml

@@ -7,8 +7,8 @@ description: |
    The policy denies the direct creation of resources and alerts when resources are created using unapproved modules.
 
 labels:
-- password security
+- password-security
 - terraform
 - compliance
 - plan
-- best practices
+- best-practices

plan/enforce-password-length.yml

@@ -7,8 +7,8 @@ description: |
   This approach ensures adherence to security best practices, significantly enhancing the overall security posture by mandating robust password criteria.
 
 labels:
-- password security
+- password-security
 - terraform
 - compliance
 - plan
-- best practices
+- best-practices

plan/enforce-sqlinstance-network.yml

@@ -7,7 +7,7 @@ description: |
   The enforcement applies to both the creation and updating of resources, promoting best practices in cloud security and infrastructure management.
 
 labels:
-- cloud sql
+- cloud-sql
 - network-security
 - google
 - terraform

plan/enforce-terraform-version-list.yml

@@ -7,7 +7,7 @@ description: |
 
 labels:
 - terraform
-- version control
+- version-control
 - security
 - compliance
 - plan

plan/ensure-resource-creation-before-deletion.yml

@@ -5,5 +5,5 @@ description: |
   This policy ensures that the listed resource types will be created before being deleted to avoid an incident.
 labels:
   - plan
-  - best practices
+  - best-practices
   - incident-prevention

plan/infracost-monthly-cost-restriction.yml

@@ -10,6 +10,6 @@ description: |
 
 labels:
 - infracost
-- cost management
+- cost-management
 - budget
-- financial governance
+- financial-governance

plan/mandatory-and-acceptable-labels-gcp.yml

@@ -8,5 +8,3 @@ labels:
   - gcp
   - labels
   - tags
-
-

plan/require-human-review-for-drift-detection-reconciliation.yml

@@ -9,7 +9,7 @@ description: |
   This requirement for manual approval helps in ensuring that the proposed changes are indeed appropriate and in alignment with the organization's infrastructure management policies and practices.
 
 labels:
-- drift detection
-- manual approval
-- human review
+- drift-detection
+- manual-approval
+- human-review
 - plan

plan/require-human-review-for-unreachable-ansible-hosts.yml

@@ -9,7 +9,7 @@ description: |
 
 labels:
 - ansible
-- unreachable hosts
-- human review
+- unreachable-hosts
+- human-review
 - troubleshooting
 - plan

plan/require-human-review-for-update-deletion.yml

@@ -7,6 +7,6 @@ description: |
   and require all others to get a human review.
 labels:
   - plan
-  - best practices
+  - best-practices
   - security
-  - warning policy
+  - warning-policy

push/allow-forks.yml

@@ -2,13 +2,13 @@ name: Allow Forks
 source: allow-forks.rego
 type: push
 description: |
-  This policy adjusts the default behavior to permit runs triggered by pull requests from forked repositories, but only for a whitelist of trusted users or organizations. 
-  The intention is to balance openness and collaboration with security, especially in open-source infrastructure projects. 
+  This policy adjusts the default behavior to permit runs triggered by pull requests from forked repositories, but only for a whitelist of trusted users or organizations.
+  The intention is to balance openness and collaboration with security, especially in open-source infrastructure projects.
 
   Trusted entities are specified within the policy, ensuring that only contributions from these users or organizations can trigger a propose run, fostering a controlled yet collaborative development environment.
 
-labels: 
+labels:
 - forks
 - security
 - collaboration
-- open source
+- open-source

push/cancel-in-progress-runs.yml

@@ -10,4 +10,4 @@ description: |
 labels:
 - cancel
 - push
-- in progress
+- in-progress

push/create-proposed-run-from-env-pr-labels.yml

@@ -2,15 +2,15 @@ name: Create Proposed Run From Env Pr Labels
 source: create-proposed-run-from-env-pr-labels.rego
 type: push
 description: |
-  This policy automates the creation of proposed runs based on the detection of pull request (PR) labels that are prefixed with "env:". 
-  It's designed to facilitate environment-specific workflows, where the presence of an environment label on a PR triggers a proposed run for further review or action. 
+  This policy automates the creation of proposed runs based on the detection of pull request (PR) labels that are prefixed with "env:".
+  It's designed to facilitate environment-specific workflows, where the presence of an environment label on a PR triggers a proposed run for further review or action.
   This capability ensures that changes intended for specific environments are automatically flagged for attention, aligning deployment strategies with environmental contexts and requirements.
 
   The policy bridges development workflows with deployment practices, enabling a more targeted approach to managing changes across different environments.
 
-labels: 
+labels:
 - environment
-- pull request
-- proposed run
+- pull-request
+- proposed-run
 - automation
-- push
+- push

push/deploy-with-git-tag.yml

@@ -2,11 +2,11 @@ name: Deploy With Git Tag
 source: deploy-with-git-tag.rego
 type: push
 description: |
-  This policy is designed to trigger deployments based on the creation of new git tags, specifically those that follow semantic versioning (e.g., X.Y.Z). It leverages regex to ensure that only tags matching the semantic version format initiate a tracked run, focusing deployment processes on versioned releases rather than branch updates. 
+  This policy is designed to trigger deployments based on the creation of new git tags, specifically those that follow semantic versioning (e.g., X.Y.Z). It leverages regex to ensure that only tags matching the semantic version format initiate a tracked run, focusing deployment processes on versioned releases rather than branch updates.
   This approach aligns deployment activities with version milestones, facilitating a clear and manageable release process.
-  
-labels: 
+
+labels:
 - git
 - tag
 - deployment
-- semantic versioning
+- semantic-versioning

push/deploy-with-pr-label.yml

@@ -8,9 +8,9 @@ description: |
 
   The policy optimizes the deployment process by aligning runs with development workflows, specifically leveraging PR labels to control deployment timing and execution, enhancing both automation and control within CI/CD pipelines.
 
-labels: 
-- pull request
+labels:
+- pull-request
 - label
 - deploy
 - push
-- automation
+- automation

push/pr-comment-driven-actions.yml

@@ -4,11 +4,11 @@ type: push
 description: |
   This policy leverages the power of pull request comments to drive actions, establishing a direct line between commentary and deployment. Key requirements include:
   - Read access to `issues` and subscription to `issues:comments` events on the version control system (VCS) provider.
-  It operates under the premise that only comments starting with `/spacelift` are considered, minimizing the risk of unintended deployments. 
+  It operates under the premise that only comments starting with `/spacelift` are considered, minimizing the risk of unintended deployments.
   This selective approach ensures that Spacelift actions, such as deployments, are explicitly triggered by designated commands within PR comments, enhancing both security and specificity in CI/CD workflows.
 
-labels: 
-- PR
+labels:
+- pull-request
 - comments
 - actions
-- push
+- push

push/pr-comment-driven-user.yml

@@ -2,12 +2,12 @@ name: PR Comment Driven User
 source: pr-comment-driven-user.rego
 type: push
 description: |
-  This push policy leverages pull request comments to initiate Spacelift runs, specifically designed for customizable workflows. 
+  This push policy leverages pull request comments to initiate Spacelift runs, specifically designed for customizable workflows.
   It requires read access to repository issues and subscription to issues comments events on the VCS provider.
-  The policy processes comments beginning with `/spacelift` to trigger actions, such as deploying a stack, provided the comment is made by a member of the development team. 
+  The policy processes comments beginning with `/spacelift` to trigger actions, such as deploying a stack, provided the comment is made by a member of the development team.
   This ensures controlled execution based on team member inputs without processing edited or deleted comments.
-labels: 
-- pull request
+labels:
+- pull-request
 - comments
 - deployment
-- team
+- team

push/prs-only.yml

@@ -2,13 +2,12 @@ name: PRs Only
 source: prs-only.rego
 type: push
 description: |
-  This policy ensures that runs are closely aligned with pull request (PR) activities, focusing on enhancing the integration and deployment workflows. 
-  It triggers proposed runs for any PR event, while tracked runs are specifically reserved for PR merges into the tracked branch. 
-  By ignoring all non-PR related events, this policy streamlines the deployment process, ensuring that only meaningful changes that have undergone review are considered for deployment. 
+  This policy ensures that runs are closely aligned with pull request (PR) activities, focusing on enhancing the integration and deployment workflows.
+  It triggers proposed runs for any PR event, while tracked runs are specifically reserved for PR merges into the tracked branch.
+  By ignoring all non-PR related events, this policy streamlines the deployment process, ensuring that only meaningful changes that have undergone review are considered for deployment.
   This approach is critical for maintaining high standards of code quality and efficiency.
 
-labels: 
-- PR
-- pull request
+labels:
+- pull-request
 - merge
-- push
+- push

push/tag-driven-tf-module-release-flow.yml

@@ -2,13 +2,13 @@ name: Tag Driven Tf Module Release Flow
 source: tag-driven-tf-module-release-flow.rego
 type: push
 description: |
-  This policy facilitates a tag-driven release flow for Terraform modules. 
-  When a new tag is pushed to a module repository, the policy triggers a tracked run, ensuring that the module version is updated accordingly. 
-  It specifically accounts for tags prefixed with "v", stripping this prefix to comply with the Terraform Module Registry's versioning format, which requires numeric "X.X.X" versions. 
+  This policy facilitates a tag-driven release flow for Terraform modules.
+  When a new tag is pushed to a module repository, the policy triggers a tracked run, ensuring that the module version is updated accordingly.
+  It specifically accounts for tags prefixed with "v", stripping this prefix to comply with the Terraform Module Registry's versioning format, which requires numeric "X.X.X" versions.
   This approach streamlines the release process, allowing for automatic updates and version tracking within the Spacelift environment.
 
-labels: 
+labels:
 - tag
 - release
-- Terraform
-- module
+- terraform
+- module